Merge pull request #728 from openziti/cors_private_access

Add Response Header Flag to zrok access private (#522)
This commit is contained in:
Michael Quigley 2024-08-07 13:58:55 -04:00 committed by GitHub
commit d621bbd306
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
3 changed files with 24 additions and 9 deletions

View File

@ -4,6 +4,8 @@
FEATURE: Support `html_path` directive in `interstitial` stanza of public frontend configuration to support using an external HTML file for the interstitial page (https://github.com/openziti/zrok/issues/716)
FEATURE: `zrok access private` now includes a `--response-header` flag to add headers to the response for HTTP-based backends. Add flag multiple times to add multiple headers to the response. Expects `key:value` header definitions in this format: `--response-header "Access-Control-Allow-Origin: *"` (https://github.com/openziti/zrok/issues/522)
CHANGE: Update `github.com/openziti/sdk-golang` (and related dependencies) to version `v0.23.40`.
CHANGE: upgrade to ziti v1.1.7 CLI in zrok container image

View File

@ -30,6 +30,7 @@ func init() {
type accessPrivateCommand struct {
bindAddress string
headless bool
responseHeaders []string
cmd *cobra.Command
}
@ -41,8 +42,9 @@ func newAccessPrivateCommand() *accessPrivateCommand {
}
command := &accessPrivateCommand{cmd: cmd}
cmd.Flags().BoolVar(&command.headless, "headless", false, "Disable TUI and run headless")
cmd.Run = command.run
cmd.Flags().StringVarP(&command.bindAddress, "bind", "b", "127.0.0.1:9191", "The address to bind the private frontend")
cmd.Flags().StringArrayVar(&command.responseHeaders, "response-header", []string{}, "Add a response header ('key:value')")
cmd.Run = command.run
return command
}
@ -194,6 +196,7 @@ func (cmd *accessPrivateCommand) run(_ *cobra.Command, args []string) {
cfg := proxy.DefaultFrontendConfig(env.EnvironmentIdentityName())
cfg.ShrToken = shrToken
cfg.Address = cmd.bindAddress
cfg.ResponseHeaders = cmd.responseHeaders
cfg.RequestsChan = requests
fe, err := proxy.NewFrontend(cfg)
if err != nil {

View File

@ -15,6 +15,7 @@ import (
"net/http"
"net/http/httputil"
"net/url"
"strings"
"time"
)
@ -22,6 +23,7 @@ type FrontendConfig struct {
IdentityName string
ShrToken string
Address string
ResponseHeaders []string
Tls *endpoints.TlsConfig
RequestsChan chan *endpoints.Request
}
@ -112,6 +114,14 @@ func newServiceProxy(cfg *FrontendConfig, ctx ziti.Context) (*httputil.ReversePr
req.Header.Set("X-Proxy", "zrok")
}
proxy.ModifyResponse = func(resp *http.Response) error {
for _, responseHeader := range cfg.ResponseHeaders {
tokens := strings.Split(responseHeader, ":")
if len(tokens) == 2 {
resp.Header.Set(strings.TrimSpace(tokens[0]), strings.TrimSpace(tokens[1]))
} else {
logrus.Errorf("invalid response header '%v' (expecting header:value", responseHeader)
}
}
return nil
}
proxy.ErrorHandler = func(w http.ResponseWriter, r *http.Request, err error) {